Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2019/11/25 12:55 p.m.36 views

A week in security (November 18 – 24)

Last week on Malwarebytes Labs, we looked at stalkerware’s legal enforcement problem, announced our cooperation with other security vendors and advocacy groups to launch Coalition Against Stalkerware, published our fall 2019 review of exploit kits, looked at how Deepfake on LinkedIn makes for...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/09 4:1 p.m.36 views

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use o...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/13 4:33 p.m.36 views

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/30 4:59 p.m.36 views

Researchers discover vulnerabilities in smart assistants’ voice commands

Virtual personal assistants VPA, also known as smart assistants like Amazon’s Alexa and Google’s Assistant, are in the spotlight for vulnerabilities to attack. Take, for example, that incident about an Oregon couple’s Echo smart speaker inadvertently recording their conversation and sending it to...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/08 5:13 p.m.36 views

Phony WhatsApp used Unicode to slip under Google’s radar

After a troubling week for Google not so long ago, the company is under the spotlight once more for missing another app that, after further investigations by several members of Reddit, was found laden with adware. This app, which was called "Update WhatsApp Messenger," used the logo and developer...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/31 3:0 p.m.36 views

BSides Manchester: Malvertising – under the hood

I've talked about malvertising a fair bit at security events down the years and I was lucky enough to be able to add to the tally at this month's BSides Manchester conference. Whether your preferred variety is desktop, mobile, or even virtual/augmented reality, there's hopefully something here fo...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/17 10:56 a.m.35 views

24 billion stolen records exposed online. Here’s what to do

A newly discovered database containing 24 billion stolen records is a reminder that personal information from data breaches, phishing campaigns, and infostealer infections continues to circulate online. The collection was exposed on the internet before being taken offline. While researchers can't...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/21 3:28 p.m.35 views

Fake calendar invites are spreading. Here’s how to remove them and prevent more

We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/05/19 2:21 p.m.35 views

Update your Chrome to fix serious actively exploited vulnerability

Google released an emergency update for the Chrome browser to patch an actively exploited vulnerability that could have serious ramifications. The update brings the Stable channel to versions 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. The easiest way to update Chrome is...

4.3CVSS6.8AI score0.05438EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2024/10/01 10:29 a.m.35 views

Facebook and Instagram passwords were stored in plaintext, Meta fined

Ireland’s privacy watchdog Data Protection Commission DPC has fined Meta €91M $101M after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determin...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/05/20 11:21 a.m.35 views

Financial institutions ordered to notify customers after a breach, have an incident response plan

The Securities and Exchange Commission SEC has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents— that require them to have written incident response policies and procedures that can be used...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/05/02 8:44 p.m.35 views

Dropbox Sign customer data accessed in breach

Dropbox is reporting a recent "security incident" in which an attacker gained unauthorized access to the Dropbox Sign formerly HelloSign production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/01 5:58 p.m.35 views

Free VPN apps turn Android phones into criminal proxies

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other people...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/28 7:43 p.m.35 views

Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR

In late January 2024, the ThreatDown Managed Detection and Response MDR team found and stopped a three-month long malware campaign against a Managed Service Provider MSP based in Europe. In line with our observations of attackers increasingly relying on legitimate software in their attacks, the...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/15 4:39 p.m.35 views

Massive utility scam campaign spreads via online ads

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/01 2:4 p.m.35 views

Explained: Domain fronting

Domain fronting is a technique of using different domain names on the same HTTPS connection. Put simply, domain fronting hides your traffic when connecting to a specific website. It routes traffic through a larger platform, masking the true destination in the process. The technique became popular...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/22 9:0 a.m.35 views

Trusted Advisor puts you in the security driving seat

Malwarebytes' new Trusted Advisor dashboard provides an easy to understand assessment of your security with a single comprehensive protection score, and clear, expert-driven advice. Computer security can be difficult and time consuming. Getting it right means knowing what software needs to be...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/19 1:0 a.m.35 views

A week in security (June 12 - 18)

Last week on Malwarebytes Labs: MOVEit discloses THIRD critical vulnerability Fake security researchers push malware files on GitHub LockBit ransomware advisory from CISA provides interesting insights Microsoft fixes six critical vulnerabilities in June Patch Tuesday Update Chrome now! Google fix...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/08 1:0 a.m.35 views

Update Chrome now! Google patches actively exploited zero-day

Google has released an update which includes two security fixes. One of these security fixes is for a zero-day about which Google says its aware that an exploit for this vulnerability exists in the wild. How to protect yourself If youre a Chrome user on Windows, Mac, or Linux, you should update a...

6.8CVSS7.1AI score0.32724EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2023/04/26 2:0 a.m.35 views

Decoy dog toolkit plays the long game with Pupy RAT

Researchers at Infoblox have discovered a new toolkit being used in the wild called Decoy Dog. It targets enterprises, and has a fondness for deploying a remote access trojan called Pupy RAT. Activity from the RAT was first noticed earlier this month. Subsequent research revealed that it has been...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/03 10:15 a.m.35 views

Big changes to Twitter verification: How to spot a verified account

Twitter has made some fairly major changes to how its verified checkmark status works, and its already causing some confusion. If you rely on the checkmark symbol for confirmation that the individual or business tweeting is actually the real deal, your regular process is now different. How...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/17 2:0 a.m.35 views

Web skimmer found on website of Liquor Control Board of Ontario

On January 12, 2023, the Liquor Control Board of Ontario LCBO published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world. Web skimmer The cybersecurity incident was a web...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/09 2:35 p.m.35 views

How to remove Google from your life

Swearing off a company used to be easier. Rude customer service, an unfortunate bout of food poisoning, even standing up for workers’ rights against the alleged involvement of a private company to order a country’s military to brutally quash a strike—almost every facet of an individual boycott...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/22 6:15 p.m.35 views

Security researchers play peek-a-boo with Conti ransomware server

It’s not been a great time for ransomware authors recently. Well, some ransomware authors at any rate. While many are making huge amounts of money from their device-locking antics, its not a profession without risk. Every so often something can and does go wrong, and ransomware groups get into al...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/02 7:42 p.m.35 views

WhatsApp hit with €225 million fine for GDPR violations

WhatsApp was hit with a €225 million fine for violating the General Data Protection Regulation GDPR, the European Union’s sweeping data protection law that has been in effect for more than three years. The fine represents the highest ever penalty levied by the Irish Data Protection Commission,...

Exploits0
Malwarebytes
Malwarebytes
added 2021/07/07 2:44 p.m.35 views

Game over: Apex Legends players locked out by protest message

Messages placed directly in or around games is a common hack technique. It can be used for trolling, phishing, scams, or anything else the message-placer can think of. Messages can also be placed in games for the purposes of advertising but thats a tale for a different day. Recently, players of...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/27 4:15 p.m.35 views

Google FLoC puts ad trackers on a cookie-free diet

Cookie tracking is dying and Google needs a replacement. Its betting on FLoC, an ad tracking technology that lets it understand peoples behaviour while respecting their privacy. Google has announced that its tests show promising signs that FLoC is working. Is this a milestone on the road to more...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/20 12:0 p.m.35 views

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. Thats because an open port can be subject to brute force attacks. What...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/09/18 4:57 p.m.35 views

Is domain name abuse something companies should worry about?

Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefor, "domain name abuse" is something that can ruin your reputation. Losing control There are several ways in which perpetrators can...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/07/23 3:0 p.m.35 views

Deepfakes or not: new GAN image stirs up questions about digital fakery

Subversive deepfakes that enter the party unannounced, do their thing, then slink off into the night without anybody noticing are where it’s at. Easily debunked clips of Donald Trump yelling THE NUKES ARE UP or something similarly ludicrous are not a major concern. We’ve already dug into why that...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/16 3:55 p.m.35 views

New AgentTesla variant steals WiFi credentials

AgentTesla is a .Net-based infostealer that has the capability to steal data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. The actor behind this malware is constantly maintaining it by adding new modules. One of the new modules that has been...

1.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/03/12 4:53 p.m.35 views

RemoteSec: achieving on-prem security levels with cloud-based remote teams

The world of work is changing—by the minute, it feels these days. With the onset of the global coronavirus pandemic, organizations around the world are scrambling to prepare their workforce, and their infrastructure, for a landslide of remote connections. This means that the security perimeter of...

7.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/10 4:56 p.m.35 views

Battling online coronavirus scams with facts

Panic and confusion about the recent coronavirus outbreak spurred threat actors to launch several malware campaigns across the world, relying on a tried-and-true method to infect people’s machines: fear. Cybercriminals targeted users in Japan with an Emotet campaign that included malicious Word...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/29 5:0 p.m.35 views

Electrum DDoS botnet reaches 152,000 infected hosts

By Jérôme Segura, Adam Thomas, and S!Ri We have been closely monitoring the situation involving the continued attacks against users of the popular Electrum Bitcoin wallet. Initially, victims were being tricked to download a fraudulent update that stole their cryptocurrencies. Later on, the threat...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/30 4:35 p.m.35 views

Stolen security logos used to falsely endorse PUPs

To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/18 9:0 a.m.35 views

Exhibition: it-sa Nuremberg

Scroll down for the German version of this post. Since 2009, security professionals, developers, and product providers have shared their ideas and platforms at it-sa, a security exhibition in the Exhibition Centre in Nuremberg, Germany. This year, it-sa featured 629 exhibitors including...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/02 4:59 p.m.35 views

A week in security (September 25 – October 01)

Recently, we talked about the hacking incident at Deloitte, one of the 'big four' global accounting firms. It was reported that client email addresses, usernames, and passwords were exposed. This also brought to light weaknesses in their policies and lack of threat intelligence to recover leaked...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/20 11:46 a.m.34 views

Firefox 151 packs big privacy upgrades into a small update

Mozilla has published release notes for Firefox browser version 151.0, and this update includes several genuinely meaningful privacy and security improvements. Three changes stand out in particular: Stronger anti‑fingerprinting Broader protection for local network access More control over private...

9.6CVSS6AI score0.00532EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2024/10/31 5:5 p.m.34 views

Android malware FakeCall intercepts your calls to the bank

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/10/18 4:2 p.m.34 views

Unauthorized data access vulnerability in macOS is detailed by Microsoft

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed "HM Surf," that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera,...

5.5CVSS6.5AI score0.07052EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2024/07/15 2:46 p.m.34 views

Disney “breached,” data dumped online

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “DisneySlackLeak Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Wa...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/05/30 4:33 p.m.34 views

Beware of scammers impersonating Malwarebytes

Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/22 10:57 a.m.34 views

Billions of scraped Discord messages up for sale

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/08 2:8 p.m.34 views

Warning from LastPass as fake app found on Apple App Store

Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this w...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/08 12:1 p.m.34 views

AirTags stalking lawsuit alleges Apple’s negligence in protecting victims

Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers. AirTags are marketed as trackers that allow you to easily find...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/25 11:25 a.m.34 views

A week in security (December 18 – December 24)

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/21 9:9 p.m.34 views

Update Chrome now! Emergency update patches zero-day

Google has released an emergency security update for Chrome that brings the browsers Stable channel to version 120.0.6099.129 for Mac, Linux and to 120.0.6099.129/130 for Windows. This update includes one security fix for a vulnerability that was subject to an existing exploit. The easiest way to...

6.8CVSS7.3AI score0.07356EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2023/12/14 9:53 p.m.34 views

Apple to introduce new feature that makes life harder for iPhone thieves

Reportedly, Apple has plans to make it harder for iPhone thieves to steal your personal information even if they have your device’s passcode. A new feature called Stolen Device Protection is included in the beta version of iOS 17.3. The feature limits access to your private information in case...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/09 1:47 p.m.34 views

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends

The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeons office, and then post the details online which included nude photos. In February, cybercriminals gained access to Hankins & Sohns network, which has offices in both...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/22 5:45 p.m.34 views

Emergency update! Apple patches three zero-days

Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7 iOS 17.0.1 and iPadOS 17.0.1 watchOS 9.6.3 watchOS 10.0.1 macOS Ventura 13.6 macOS Monterey...

7.5CVSS7.1AI score0.29179EPSS
Exploits3
Total number of security vulnerabilities4709